No ProtectedAttributes in supported Rails versions

Author: ledermann

lib/rails-settings.rb

@@ -1,11 +1,3 @@
-module RailsSettings
-  # In Rails 4, attributes can be protected by using the gem `protected_attributes`
-  # In Rails 5, protecting attributes is obsolete (there are `StrongParameters` only)
-  def self.can_protect_attributes?
-    defined?(ProtectedAttributes)
-  end
-end
-
 require 'rails-settings/setting_object'
 require 'rails-settings/configuration'
 require 'rails-settings/base'

lib/rails-settings/base.rb

@@ -14,13 +14,8 @@ def settings(var)
             raise ArgumentError.new("Unknown key: #{var}")
           end
 
-          if RailsSettings.can_protect_attributes?
-            setting_objects.detect { |s| s.var == var.to_s } ||
-              setting_objects.build({ var: var.to_s }, without_protection: true)
-          else
-            setting_objects.detect { |s| s.var == var.to_s } ||
-              setting_objects.build(var: var.to_s, target: self)
-          end
+          setting_objects.detect { |s| s.var == var.to_s } ||
+            setting_objects.build(var: var.to_s, target: self)
         end
 
         def settings=(value)

lib/rails-settings/setting_object.rb

@@ -19,12 +19,6 @@ class SettingObject < ActiveRecord::Base
       serialize :value, Hash
     end
 
-    if RailsSettings.can_protect_attributes?
-      # attr_protected can not be used here because it touches the database which is not connected yet.
-      # So allow no attributes and override <tt>#sanitize_for_mass_assignment</tt>
-      attr_accessible
-    end
-
     REGEX_SETTER = /\A([a-z]\w*)=\Z/i
     REGEX_GETTER = /\A([a-z]\w*)\Z/i
 
@@ -50,21 +44,6 @@ def method_missing(method_name, *args, &block)
 
     protected
 
-    if RailsSettings.can_protect_attributes?
-      # Simulate attr_protected by removing all regular attributes
-      def sanitize_for_mass_assignment(attributes, role = nil)
-        attributes.except(
-          'id',
-          'var',
-          'value',
-          'target_id',
-          'target_type',
-          'created_at',
-          'updated_at',
-        )
-      end
-    end
-
     private
 
     def _get_value(name)

spec/setting_object_spec.rb

@@ -3,25 +3,13 @@
 describe RailsSettings::SettingObject do
   let(:user) { User.create! name: 'Mr. Pink' }
 
-  if RailsSettings.can_protect_attributes?
-    let(:new_setting_object) do
-      user.setting_objects.build({ var: 'dashboard' }, without_protection: true)
-    end
-    let(:saved_setting_object) do
-      user.setting_objects.create!(
-        { var: 'dashboard', value: { 'theme' => 'pink', 'filter' => false } },
-        without_protection: true,
-      )
-    end
-  else
-    let(:new_setting_object) do
-      user.setting_objects.build({ var: 'dashboard' })
-    end
-    let(:saved_setting_object) do
-      user.setting_objects.create!(
-        { var: 'dashboard', value: { 'theme' => 'pink', 'filter' => false } },
-      )
-    end
+  let(:new_setting_object) do
+    user.setting_objects.build({ var: 'dashboard' })
+  end
+  let(:saved_setting_object) do
+    user.setting_objects.create!(
+      { var: 'dashboard', value: { 'theme' => 'pink', 'filter' => false } },
+    )
   end
 
   describe 'serialization' do
@@ -136,15 +124,6 @@
     it 'should not save blank hash' do
       expect(new_setting_object.update({})).to be_truthy
     end
-
-    if RailsSettings.can_protect_attributes?
-      it 'should not allow changing protected attributes' do
-        new_setting_object.update!(var: 'calendar', foo: 42)
-
-        expect(new_setting_object.var).to eq('dashboard')
-        expect(new_setting_object.foo).to eq(42)
-      end
-    end
   end
 
   describe 'save' do